European Police Seek Cybercrime Triage

Many organized cybercrime gangs operate beyond European and US borders -- or jurisdiction -- thus making online crime eradication impossible.

Should European cybercrime investigators triage more cybercrime cases and pursue fewer low-level cases while devoting greater resources to taking down the biggest organized crime gangs?

That suggestion was voiced in the opening keynote presentation delivered at this week's Infosecurity Europe conference in London by Troels Oerting, head of the European Cybercrime Centre (EC3) and assistant director for the operations department at Europol, which is the EU's law enforcement agency.

Troels Oerting, head of the European Cybercrime Centre and assistant director for operations at Europol

"We might also have to say no to some cases, like we do with bicycle theft," said Oerting. "There might be some cases that police do not prioritize, simply because we prioritize where the greatest harm is."

As anyone who's ever been the victim of bicycle theft knows, the police hardly launch an investigation every time someone files a complaint. But Oerting suggested that, with the quantity and severity of online attacks increasing, cybercrime cops should more purposefully allocate their scarce policing resources for maximum effect. Still, with so much online crime being -- by its very definition -- borderless, and increasingly disguised via anonymizing networks, would resource reallocation really take a big bite out of crime?

"Criminals can attack anyone, anytime, anywhere," said Oerting. "I'm getting gray hairs, because most of the criminal activity is being done via the darknet... which not even the NSA can penetrate."

Furthermore, online attacks against European targets continue to rise. According to a report issued this week by security firm FireEye, based on the 40,000 unique attacks and 22 million pieces of malware command-and-control communications the company saw at customers' sites in 2013, the four most malware-targeted European countries were Great Britain, Switzerland, Germany, and France -- accounting for 71% of all infected European systems.

Meanwhile, the advanced persistent threat (APT) attacks seen by FireEye primarily targeted Germany and the United Kingdom, with federal government agencies, energy firms, and financial services businesses the primary targets in what is typically a long-running operation. "Each APT event is an element in a long-term campaign against an organization in an industry -- try, try, try," said Simon Mullis, European systems integration technical lead at FireEye, in an interview at Infosecurity Europe. "You want to be careful, because when the APTs stop, they're already in."

According to data released earlier this month by Mandiant's FireEye, the average breach goes undetected for 229 days -- if it gets detected at all. In 67% of cases where breaches were detected, it was thanks to a third party, such as the FBI or Europol.

Europol's Oerting said his organization has been helping the 28 EU member countries bolster their information security investigation capabilities. "We've built up a heavy forensic capability to help the member states by assisting them in evidence-gathering."

Might better tools help, too? While acknowledging discussions in Britain, where elements of the coalition government would like to distance the country politically from the EU, Oerting lauded the EU for helping countries work together, not least when it comes to combatting crime and making related research and development funds available. "The EU has allotted €80 billion for research and development, and I intend to grab some of this money in order to ask the 28 member states: What types of tools do you need? Then we use the money, and give the tools back to the member states."

Then again, the origin of so many of today's online attacks won't be tough to trace. "My department works with Russian language speakers in about 75% to 80% of all our cases," Oerting said. But one long-standing challenge is that neither Russia nor Ukraine, which many security experts see as the biggest safe havens for criminals who launch online attacks, has an extradition treaty with either Europe or the United States.

It's still tough for European or US police to catch criminals that foreign governments won't extradite. In computer crime cases involving Russian-language speakers, for example, Europol sometimes shares case information with its Russian counterparts and hopes local police follow it up. "Or we do it in the good old-fashioned police way -- we wait until they leave, and then we capture them," Oerting said.

But trying to arrest cybercriminals goes only so far. "We will not prosecute our way out of cybercrime," Lee Miles, deputy head of the UK National Cyber Crime Unit, which is part of the country's recently formed National Crime Agency, said Wednesday at an Infosecurity Europe panel discussion. "Many of the issues are jurisdictional," he noted, referring to the difficulty of prosecuting people in countries such as Russia. "Many of them are the sheer volume and anonymity, and many are the low-level individual crimes that don't really rise into organized criminality."

Accordingly, given limited time and resources, don't expect police to be able to pursue -- or prosecute -- every criminal who targets people online.

In my opinion, the issue of investigating and prosecuting cybercriminals shouldn't completely fall on the government. The problem itself is far too large for law enforcement to handle on its own. Corporations should take ownership of this problem as well.

For example, corporations should have the minimum responsibility of securing their networks. Many corporations leave their networks poorly defended, which makes it extremely easy for attackers to infiltrate. To use an analogy, this would be like leaving your corporate building unlocked without security guards or cameras and then being surprised that someone robbed you blind.

This shouldn't fall completely on governments as the problem itself is exacerbated by poor security practices by corporations.

Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.